Cross-Site Scripting Vulnerabilities in Shorten URLs Module for Drupal
CVE-2012-4492

Currently unrated

Key Information:

Vendor: Isaac Sukin
Status: Shorten
Vendor: CVE Published:; 31 October 2012

🔔 Create Isaac Sukin Vulnerability Alert

What is CVE-2012-4492?

The Shorten URLs module for Drupal has multiple vulnerabilities that allow attackers to execute arbitrary web scripts or HTML. Authenticated users with certain permissions can exploit these vulnerabilities on specific pages, including the report and Custom Services List pages. This could result in the injection of malicious scripts, compromising user data and security. It is crucial for users of affected versions to upgrade to the latest releases to mitigate these risks.

References

http://www.openwall.com/lists/oss-security/2012/10/04/6

mailing-listx_refsource_MLIST

https://drupal.org/node/1719310

x_refsource_CONFIRM

http://drupal.org/node/1719392

x_refsource_MISC

Timeline

Vulnerability published
Oct 31, 2012
Vulnerability Reserved
Aug 21, 2012

JSON